Linksys BEFSX41 - Manuals

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint Chapter 2: Your Virtual Private Network (VPN) Computer networking provides a flexibility not available when using an archa-ic, paper-based system. With this flexibility, however, comes an increased riskin security. This is why f i...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint There are two basic ways to create a VPN connection:• Firewall Router to Firewall Router • Computer (using VPN client software that supports IPSec) to FirewallRouter The Firewall Router creates a “tunnel” or channel between two en...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 9 Chapter 3: Getting to Know the EtherFast Cable/DSL Firewall Router The Router’s ports, shown in Figure 3-1, are where network cables are con-nected WAN The WAN (Wide Area Network) port is where you connectyour cable or DSL modem...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 11 Instant Broadband ® Series 10 WAN and LAN LEDs Link/Act Green. The Link/Act LED serves two purposes. If the LED is con-tinuously lit, the Router is successfully connected to a devicethrough the corresponding port (1, 2, 3 or 4/...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 13 Instant Broadband ® Series 12 Repeat the above step to connectmore PCs or network devices tothe Router. 3. Connect the Ethernet cable from your cable or DSL modem to the WAN port on the Router’sback panel, as shown in Figure 4-...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 1. Go to the Network screen by clicking the Start button. Click Settings and then Control Panel. From there, double-click the Network icon. 2. On the Conf iguration tab, shown in Figure 5-1, select the TCP/IP line for the applicab...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 1. Go to the Network screen by clicking the Start button. Click Settings and then Control Panel. From there, double-click the Network and Dial-upConnections icon. 2. Select the Local Area Connection icon for the applicable Etherne...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint The following instructions assume you are running Windows XP with thedefault interface. If you are using the Classic interface (where the icons andmenus look like previous Windows versions), please follow the instructions forWindo...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 21 Instant Broadband ® Series 3. Select Internet Protocol (TCP/IP), as shown in Figure 5-7, and click the Properties button. 4. Select Obtain an IP address automatically. Once the new window Select Obtain an IP address automatical...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint Obtain an IP Address Automatically If your ISP says that you areconnecting through DHCP or adynamic IP address from yourISP, perform these steps: A. S e l e c t O b t a i n a n I P Automatically as the WANConnection Type. (Shown i...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint PPTP PPTP is a service used in Europeonly. (Shown in Figure 6-8.) Ifyou are using a PPTP connec-tion, check with your ISP for thenecessary setup information. When you are f inished with theSetup tab, proceed to step 5. HBS HBS is ...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint Chapter 7: The Cable/DSL Firewall Router’s Web-based Utility For your convenience, use the Router’s web-based utility to administer it. Thischapter will explain all of the functions in this utility. The utility can beaccessed via ...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint • Device IP Address and Subnet Mask The values for the Router’s IP Address and Subnet Mask are shown here. The default values are192.168.1.1 for the Device IP Address and 255.255.255.0 for the SubnetMask. • WAN Connection Type The...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 31 Instant Broadband ® Series 30 PPPoE Some DSL-basedISPs use PPPoE( P o i n t - t o - P o i n tProtocol overEthernet) to establishInternet connectionsfor end-users. If youare connected to theInternet through aDSL line, check with...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 35 Instant Broadband ® Series HBS The HeartBeatSignal (HBS) is a service thatapplies to connec-tions in Australiaonly. (Shown inFigure 7-9.) Forusers in Australia,check with your ISPfor setup informa-tion. User Name and Password E...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint PPTP Pass Through• Point-to-Point Tunneling Protocol Pass Through is the method used toenable VPN sessions to a Windows NT 4.0 or 2000 server. PPTP PassThrough is enabled by default. To disable this feature, click on Disable nextt...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint Virtual Private Networking (VPN) is a security measure that basically createsa secure connection between two remote locations. This connection is veryspecif ic as far as its settings are concerned; this is what creates the securit...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 41 40 • IP Address - If you select IP Address, only the computer with the spe- cif ic IP Address that you enter will be able to access the tunnel. In theexample shown in Figure 7-13, only the computer with IP Address192.168.1.10 c...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 43 42 Remote Security Gateway The Remote Security Gateway is the VPN device, such as a second FirewallRouter, on the remote end of the VPN tunnel. Under Remote SecurityGateway, you have three options: IP Address, FQDN, and Any. • ...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint Key Management In order for any encryption to occur, the two ends of the tunnel must agree onthe type of encryption and the way the data will be decrypted. This is done bysharing a “key” to the encryption code. Under Key Managemen...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 49 48 EncryptionSelect the length of the key used to encrypt/decrypt ESP packets. There are twochoices: DES and 3DES. 3DES is recommended because it is more secure. AuthenticationSelect the method used to authenticate ESP packets....

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 51 Phase 2 GroupThere are two Diff ie-Hellman Groups to choose from: 768-bit and 1024-bit.Diff ie-Hellman refers to a cryptographic technique that uses public and privatekeys for encryption and decryption. Key LifetimeIn the Key L...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 53 Do not restore the factory defaults unless you are having diff iculties with theRouter and have exhausted all other troubleshooting measures. Once the Routeris reset, you will have to re-enter all of your conf iguration data. U...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint From the DHCP screen, shown in Figure 7-28, you can conf igure the Router asa DHCP Server. A Dynamic Host Conf iguration Protocol (DHCP) server automatically assignsan IP address to each PC on your network for you. Unless you alre...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint The Log tab, shown in Figure 7-29, provides you with a log of all incoming andoutgoing URLs or IP addresses for your Internet connection. To access activity logs, select the Enable option next to Log. This function canbe disabled ...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 59 From the drop-down menu, select the log you wish to view: All (to view alllogs), System Log, Access Log, Firewall Log, or VPN Log. • System Log The System Log screen displays a list of cold and warm starts, web login successes ...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint The Filters screen, shown in Figure 7-33, allows you to block or allow specif ickinds of Internet usage. You can set up Internet access policies for specif ic PCs. Internet Access Policy Multiple f ilters can be saved as Internet ...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 5. To block websites with specif ic URL addresses, enter each URL address in a Website Blocking by URL Address f ield. You can enter up to four URLaddresses. 6. To block websites that use specif ic keywords as part of their URL ad...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 65 From the Forwarding tab, shown in Figure 7-37, you can set up public serviceson your network, such as web servers, ftp servers, e-mail servers, or other spe-cialized Internet applications. (Specialized Internet applications are...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 67 66 • Telnet A terminal emulation protocolcommonly used onInternet andTCP/IP-based net-works. It allows auser at a terminal orcomputer to logonto a remotedevice and run aprogram. • S M T P ( S i m p l e Mail TransferProtocol) Th...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 69 68 5. Enter the IP address of the server that you want the Internet users to be able to access. To f ind the IP address, go to “Appendix G: Finding the MACAddress and IP Address for Your Ethernet Adapter.” 6. Check the Enable b...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 71 70 If the Router is connected to more than one network, it may be necessary to setup a static route between them. This can be done from the Static Routingscreen, shown in Figure 7-41. A static route is a pre-determined pathway ...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 73 72 From the DMZ Host tab, shown in Figure 7-42, you can set Port 4/DMZ toDMZ or LAN connection. Any user on the Internet can access incoming or out-going data from the DMZ host without the use of f irewall protection. This fea-...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 75 Specify an IP Address behind the DMZ Port: If you have multiple PCsconnected to Port 4/DMZ via a hub or switch, you can specify which PC isthe DMZ host. To expose a computer with a specif ic IP address, enter thatcomputer’s IP ...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint DynDNS.org To order DynDNS service, click the appropriate link at the top of the DDNSscreen. Username, Password, and Host Name Enter the Username, Password, andHost Name of the account you set up with DynDNS.org. Internet IP Addre...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 79 Instant Broadband ® Series TZO.com To sign up for a free, 30-day trial of TZO service, order TZO service, or man-age your TZO service, click the appropriate link at the top of the DDNS screen. Domain Name, Email Address, and TZ...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 81 Instant Broadband ® Series For Windows 2000: A. Click Start, Settings, and Control Panel. Double-click Network and Dial-Up Connections. B. Right-click the Local Area Connection that is associated with the Ethernet adapter you a...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 83 Instant Broadband ® Series 82 C. In the command prompt, type ping 192.168.1.1 and press the Enter key. • If you get a reply, the computer is communicating with the Router.• If you do NOT get a reply, please check the cable, and...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 13. The firmware upgrade failed, and/or the Diag LED is flashing. The upgrade could have failed for a number of reasons. Follow these steps toupgrade the f irmware and/or make the Diag LED stop flashing: A. If the f irmware upgrad...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 93 Instant Broadband ® Series 92 I set up an Unreal Tournament Server, but others on the LAN cannot join. What do I need to do? If you have a dedicated Unreal Tournament server running, you need to create a static IP for each of t...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 97 Instant Broadband ® Series 96 As secure as the Firewall Router makes your data, there are still more ways tomaximize security. The following are a few suggestions on how to increase datasecurity beyond the Firewall Router. 1) M...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 99 Instant Broadband ® Series 98 1. Click the Start button, select Run, and type secpol.msc in the Open f ield. The Local Security Setting screen will appear as shown in Figure C-1. 2. Right-click IP Security Policies on Local Com...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 101 Instant Broadband ® Series 100 3. The IP Filter List screen should appear, as shown in Figure C-4. Enter an appropriate name, such as win->router, for the f ilter list, and de-select theUse Add Wizard check box. Then, click...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 103 Instant Broadband ® Series 102 8. The IP Filter List screen should appear, as shown in Figure C-7. Enter an appropriate name, such as router->win for the f ilter list, and de-select the Use Add Wizard check box. Click the A...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 105 Instant Broadband ® Series 104 Tunnel 1: win->router 1. From the IP Filter List tab, shown in Figure C-10, click the f ilter listwin->router. 2. Click the Filter Action tab (as in Figure C-11),and click the f ilter actio...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 107 Instant Broadband ® Series 106 5. Change the authentica- tion method to Use thisstring to protect thekey exchange (pre-shared key), as shownin Figure C-14, andenter the preshared keystring, such asXYZ12345. Click theOK button....

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 109 Instant Broadband ® Series 108 Tunnel 2: router->win 9. In the screen, shown in Figure C-18, make surethat “win -> router” isselect and deselect theUse Add Wizardcheck box. Then, clickthe Add button to cre-ate the second...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 111 Instant Broadband ® Series 110 13. Change the authenti- cation method to Usethis string to protectthe key exchange(preshared key), andenter the presharedkey string, such asXYZ12345, asshown in Figure C-22. (This is a samplekey...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 113 Instant Broadband ® Series 112 17. From the Rules tab, shown in Figure C-26, click the Closebutton to return tothe secpol screen. In the IP Security Policies on Local Computer window, shown in Figure C-27, right-click the poli...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 115 Instant Broadband ® Series 114 8. Select IP Addr. from the pull-down menu beside Remote Security Gateway. This would be the IP Address of your Internet connection as seenfrom the Internet. Enter this IP Address here. 9. Select...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 117 Instant Broadband ® Series Appendix D: SNMP Functions SNMP (Simple Network Management Protocol) is a widely-used networkmonitoring and control protocol. Data is passed from a SNMP agent, such asthe EtherFast Cable/DSL Firewall...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 119 Instant Broadband ® Series 118 Step Two: Pinging for a Web Address While the IP address returned above would work as your e-mail server address,it may not be permanent. IP addresses change all the time. Web addresses, how-ever...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 6. Find and double-click TCP/IP in the list to the right (see Figure F-2). 7. After a few seconds, the main Network window will appear. The TCP/IP Protocol should now be listed. 8. Click the OK button. Windows may ask for original...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 3. Write down the Adapter Address as shown on your computer screen (see Figure G-3). This is the MAC address for your Ethernet adapter and willbe shown as a series of numbers and letters. The MAC address/Adapter Address is what yo...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint Cable Modem - A device that connects a computer to the cable television net-work, which in turn connects to the Internet. Once connected, cable modemusers have a continuous connection to the Internet. Cable modems featureasymmetri...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint Hub - The device that serves as the central location for attaching wires fromworkstations. Can be passive, where there is no amplif ication of the signals; oractive, where the hubs are used like repeaters to provide an extension o...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint 139 Appendix I: Specifications Model Number BEFSX41 Standards IEEE 802.3, IEEE 802.3u Protocol CSMA/CD Ports WAN: One 10/100 RJ-45 Port LAN: Four 10/100 RJ-45 Ports (One with DMZFunctionality) Cabling Type UTP Category 5 or Better...

EtherFast ® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint Appendix K: Contact Information For help with the installation or operation of the EtherFast Cable/DSL FirewallRouter, contact Linksys Technical Support at one of the phone numbers orInternet addresses below. Sales Information 800...